1.1.2. Installing and Configuring the KDC

To use Kerberos with Hadoop you can either use an existing KDC or install a new one just for Hadoop's use. The following gives a very high level description of the installation process. To get more information see RHEL documentation , CentOS documentation, or SLES documentation.

[Note]Note

Because Kerberos is a time-sensitive protocol, all hosts in the realm must be time-synchronized, for example, by using the Network Time Protocol (NTP). If the local system time of a client differs from that of the KDC by as little as 5 minutes (the default), the client will not be able to authenticate.

  1. To install a new version of the server:

    [On RHEL, CentOS, or Oracle Linux]
    yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation 

    OR

    [On SLES]
    zypper install krb5 krb5-server krb5-client
    [Note]Note

    The host on which you install the KDC must itself be secure.

  2. When the server is installed use a text editor to edit the configuration file, located by default here:

    /etc/krb5.conf

    Change the [realms] section of this file by replacing the default “kerberos.example.com” setting for the kdc and admin_server properties with the Fully Qualified Domain Name of the KDC server. In this example below, “kerberos.example.com” has been replaced with “my.kdc.server”.

    [realms]
     EXAMPLE.COM = {
      kdc = my.kdc.server
      admin_server = my.kdc.server
    }